From 37b424de2ddd82f69c172e1c579dec0948c81ac9 Mon Sep 17 00:00:00 2001 From: fenos Date: Sat, 13 Apr 2024 10:22:11 +0100 Subject: [PATCH] fix: accept forwarded header on signature, increase migrations timeout, disable host validation on queue --- src/database/migrations/migrate.ts | 2 +- src/queue/events/base-event.ts | 1 + src/storage/protocols/s3/signature-v4.ts | 8 ++++++++ 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/src/database/migrations/migrate.ts b/src/database/migrations/migrate.ts index c6c52d9c..787df541 100644 --- a/src/database/migrations/migrate.ts +++ b/src/database/migrations/migrate.ts @@ -187,7 +187,7 @@ async function connectAndMigrate(options: { const dbConfig: ClientConfig = { connectionString: databaseUrl, - connectionTimeoutMillis: 10_000, + connectionTimeoutMillis: 60_000, options: `-c search_path=${searchPath}`, ssl, } diff --git a/src/queue/events/base-event.ts b/src/queue/events/base-event.ts index 2025208f..5811c85b 100644 --- a/src/queue/events/base-event.ts +++ b/src/queue/events/base-event.ts @@ -166,6 +166,7 @@ export abstract class BaseEvent> { superUser: adminUser, host: payload.tenant.host, tenantId: payload.tenant.ref, + disableHostCheck: true, }) const db = new StorageKnexDB(client, { diff --git a/src/storage/protocols/s3/signature-v4.ts b/src/storage/protocols/s3/signature-v4.ts index 771e752d..13a1345d 100644 --- a/src/storage/protocols/s3/signature-v4.ts +++ b/src/storage/protocols/s3/signature-v4.ts @@ -261,6 +261,14 @@ export class SignatureV4 { if (xForwardedHost) { return `host:${xForwardedHost.toLowerCase()}` } + + const forwarded = this.getHeader(request, 'forwarded') + if (forwarded) { + const extractedHost = /host="?([^";]+)/.exec(forwarded)?.[1] + if (extractedHost) { + return `host:${extractedHost.toLowerCase()}` + } + } } return `${header.toLowerCase()}:${